CERT warns of new vulnerabilities in virtualisation software

By Graeme Burton

15 Jun 2012

The US Computer Emergency Response Team (CERT) has warned of a series of new vulnerabilities in virtualisation software that could enable an attacker to run their own code on the host machine or to access any account.

"Some 64-bit operating systems and virtualisation software running on Intel CPU hardware are vulnerable to a local privilege escalation attack," states the warning.

All systems running a 64-bit Xen hypervisor with 64-bit para-virtualised guests on Intel CPUs are vulnerable, admitted the Xen Project, the open source group responsible for the Xen virtualisation software.

The flaw does not affect popular commercial virtualisation software from VMware.

In a blog post, the Xen Project described the vulnerability as follows: "It has to do with a subtle difference in the way in which Intel processors implement error handling in their version of AMD's SYSRET instruction. The SYSRET instruction is part of the x86-64 standard defined by AMD," it said.

It added: "If an operating system is written according to AMD's specification, but run on Intel hardware, the difference in implementation can be exploited by an attacker to write to arbitrary addresses in the operating system's memory."

The bug also affects 64-bit versions of NetBSD, FreeBSD and Microsoft Windows 7, and the Xen Project added that Apple's OS X operating system might also be vulnerable. However, Linux operating systems ought to be unaffected, as the underlying flaw was fixed in Linux in 2006.

Virtualisation software has been the subject of a number of criticisms over security flaws, partly in the software itself but also arising from the nature of virtualisation: for example, the challenge of running standard desktop security products, such as anti-virus software, on a virtualised desktop.

VMware, in particular, has been criticised for letting known security flaws fester, and was also at the centre of claims that its source code had been stolen by hackers.
